Bryley Basics (in 100 words): Mass. enacts sales tax on Computer Services

Massachusetts is now one of the few states collecting sales tax on services; the 6.25% tax targets specific computer system design services as of July 31st.

The legislation was approved July 24th, 2013 with the intent to tax customization services; the relevant, broadly worded phrases:

  • “’Computer system design services’, the planning, consulting or designing of computer systems that integrate hardware, software or communications technologies…”
  • “…modification, integration, enhancement, installation, or configuration of standardized software.”

See Section 48 and Section 49 of Chapter 46 of Massachusetts Session Laws at https://malegislature.gov/Laws/SessionLaws/Acts/2013/Chapter46 for details.

Fortunately, this legislation was followed on July 25th with guidance from the Massachusetts Department of Revenue (DOR) in Technical Information Release (TIR) 13-10, which helped to narrow the discussion with these clarifications:

  • “…generally intending to tax software services that modify, enable, or adapt prewritten software to meet the business or technical requirements of a particular purchaser and to operate on the purchaser’s computer systems…”
  • “…may also be described as customization services with respect to prewritten software.”

TI 13-10 also provides guidance on sourcing; when the tax would be applied if the provider or consumer occupies multiple tax jurisdictions.  TIR 13-10 is available at http://www.mass.gov/dor/businesses/help-and-resources/legal-library/tirs/tirs-by-years/2013-releases/tir-13-10.html.

Why are QR codes failing?

Why are QR codes failing?

QR (Quick Response) codes were developed over 20 years ago to track goods and inventory, but are now a marketing technique targeted at on-the-go cellphone users to easily receive information and promotions.  However, only 19% of US cellphones have ever tracked a QR code; plus, most QR codes are scanned at home, usually from a magazine or newspaper.

Problems with QR codes:

  • They are typically displayed improperly and lack consumer enticement
  • They just aren’t that easy to use; they take time and effort to scan

It’s not too late for QR codes, but here are some things that need to change:

  • Advertisers should place QR codes in easy-to-retrieve locations
  • QR-code messaging must include immediate, useful benefits
  • QR-code scanners need to become easy-to-use

Invoke media posted http://www.invokemedia.com/qr-codes-why-they-are-failing-and-what-the-future-holds/ (article no longer appears to be available) to review QR code use on their site, The Blog; they also point out that Mobile Visual Search (MVS), a newer technology that responds with relevant options based on a picture, could work with or even replace QR codes.

Jim Livingstone Retires

Jim Livingstone officially retired from Bryley Systems; he was a dedicated and highly productive employee for over 22 years.

After a distinguished career in Engineering, Jim moved his family to Massachusetts in the early 1970s to run Data Technology, Inc., which he later purchased and grew before spinning off a new company, RoMec Inc. in the early-1980s.

Jim joined Bryley Systems on a full-time basis in 1991; he was instrumental in the early years, providing managerial support and advice while handling many of the administrative and operational duties.  He gradually decreased his involvement in the late 1990s, moving to a part-time role with decreasing responsibilities while continuing to advise and mentor the management team.

Security concern with popular, home-based, Internet routers

Independent Security Evaluators, a Baltimore-based security firm, stated that 13 Internet routers sold for home use were vulnerable to attack if the hacker had network access and could obtain the username and password of the router.  These routers include:

  • Linksys WRT310v2
  • Netgear’s WNDR4700
  • TP-Link’s WR1043N
  • Verizon’s FiOS Actiontec MI424WR-GEN3I
  • D-Link’s DIR865L
  • Belkin’s N300, N900 and F5D8236-4 v2 models

Basic suggestions:

  • Check to see if your home-based Internet modem/router is named above.  If so, check with the manufacturer to ensure that all security updates have been applied.
  • Change the login credentials using a complex password.  (Please review the article “Simple passwords = disaster” in our January 2013 Bryley Tips and Information.)

 

ComputerWorld.com — Popular Home Routers Contain Critical Security Vulnerabilities has the full story by Jeremy Kirk at ComputerWorld.

The (near-term) future of computer technology – Part 1

The crystal ball is somewhat cloudy, but here are my thoughts on user interfaces and their adoption.

User interfaces on computing devices

Alphabetically, these are the practical computer-interface options we know today:

  • Heads-up Display (HUD) – Military displays have been based on HUD technology for decades.  Basic concept is to provide see-through information that is available within the area of vision without the need to look around.
  • Motion sensing – Motion allows the user to direct through body motions; you can lump the joystick and mouse in this category, but, preferably, Motion is done without manipulating a physical device.
  • Projection – A key component of HUD, it could enhance or replace displays, especially on mobile devices that can be difficult to read due to their small size.  Projection, combined with Motion, will get interesting when you can gesture within a larger image projected onto a nearby surface.
  • Speech recognition with text-to-speech or TTS – Older technologies (a blind friend has had both since the late-80s), but computer processing is now robust enough to support Speech for mainstream use.
  • Touch displays – Touch has been around since the early 1990s, but it wasn’t until a few years ago that manufacturing costs of touch displays decreased to assist with the widespread adoption of mobile devices.  Touch simplifies the user interface by removing the need for separate keyboards (and mice), but generally mimics the function of a keyboard when inputting significant amounts of text.
  • Type – I’d define this as old-school typing on a separate keyboard, usually with a mouse to assist; can’t seem to get rid of this one since it is so inexpensive and since most (all?) computers still support its use.

Some examples with their approximate costs:

  • Google Glass – Combines HUD with Speech in an eye-glass format; $1,500.
  • Microsoft Table – Touch with Projection on a table-top surface; just $8,400.
  • Nitendo’s Wii – Maybe not so new, but Motion for game consoles that was revolutionary in the mid-2000s; about $130.
  • Keyboard plus mouse – Older than dirt, but you can get both for under $15.

Adoption of user interfaces within the generational divide

In terms of adopting new interfaces, I think that much depends on your age group:

  • Younger folk (less than 30 years old) take naturally to the newest and fastest; they’ll still Type via Touch (reluctantly, usually by abbreviating wherever possible), but HUD, Motion, and Projection, are their future.  (Not quite so sure about the use of Speech in this group; do people under 30 talk to others on their phone or do they only text one another?)
  • Mid-range (call it 30 to 55 years old) people can adapt, but it gets tougher as you advance (age-wise) within this group.  I figure these folk Speak, Type and Touch, but would be willing to migrate to other options if they are easy to deploy and inexpensive to own.  Full-size keyboards and mice will remain (and, hopefully, die) with this group.
  • Older (over 55) folk are less adaptable, but can cope with current technology.  Switching platforms is a challenge, even if the interface is conceptually easier to grasp and use.  Some can learn how to use other options, but I suspect most will stay with what they know: Touch and Type.

From my experience:

  • I have had computing experience since high school.  While training my dad on Microsoft Windows, I was struck by the amount of effort required to transfer knowledge; the concepts were tough for my dad, who had no computing background, to assimilate.
  • My son, who grew up with graphic-intensive video games, has a broad grasp of current technologies and flexible fingers; he always looks pained when demonstrating basic touch-screen usage to me on my mobile phone.  (It doesn’t help that I can barely see the screen and that my thumbs tend to stray away from their intended targets, especially in portrait mode.)

Basically; you can teach an aging human a new interface, but it takes some work.

Simple passwords = disaster

The top five end-user passwords from 2012 were:

  • password (yes, the actual word itself)
  • 123456
  • 12345678
  • abc123
  • qwerty (top-left keys on your keyboard below the numbers)

 

The top three in this list, “password”, 123456”, and “12345678”, were also the top three passwords in 2011.  Basic analysis:  Most people prefer simple passwords that are easy to remember and replicate.

 

However, by simplifying passwords, we are making it easy for others to access our online accounts.  As Mike Morel, Bryley Engineer, pointed out: “I just HATE [sic] the fact that passwords need to be more complex and abstract because it is counter-intuitive to (the average) human thought process.  We would all just want to have 1 password for everything…  Something easy to remember.  New techniques, faster computing power, and sheer determination on the part of the bad guys makes that nearly impossible going forward.”

 

According to Wikipedia: “The strength of a password is a function of its length, complexity, and predictability.  Using strong passwords lowers the overall risk of a security breach.”

 

Since they are unpredictable, the strongest passwords are randomly generated and long; these prove to be the most-difficult to crack since they do not relate to anything.  However, they are also the most difficult to remember and can be virtually impossible to get end-users to adopt.

 

When creating a non-random password:

  • Add length to the password itself; eight characters are considered a minimum, but passwords of greater length can be tougher to crack.
  • Use both upper and lower-case alphabetic characters.
  • Add special characters (! @ # $ % ^ & * + =) and numbers (1 2 3 4, etc.).
  • Use the upper-case characters, numbers, and special characters within the body of the password rather than at the beginning or end of the password.
  • Do not use anything of a personal nature such as birthdays or names or relations and pets.

 

See http://news.cnet.com/8301-1009_3-57538774-83/jesus-welcome-join-list-of-worst-passwords/ for an informative article from Steven Musil of CNET News.  Visit http://thehackernews.com/2013/01/the-use-of-passwords-in-technological.html for the hacker’s perspective.  (Editor’s note:  Bryley Systems does not endorse the views nor the content of www.thehackernews.com; we find this site to be counter to the interests of our readers and clients and we urge caution when visiting.)

Cybercrime targets smaller organizations

A recent Data Breach Investigation Report (DBIR) from Verizon notes that 98% of data breaches stemmed from external sources using hacking techniques (81%) and malware (69%).  About 79% of the data breaches were directed at “targets of opportunity”, typically smaller organizations that are vulnerable through an “exploitable weakness”; most attacks were performed using relatively unsophisticated methods.

Of the breaches investigated, 94% involved computer-network servers; 85% took weeks or longer to discover.  Of those discovered, “97% were avoidable through simple or intermediate controls”.

Wade Baker, Verizon’s security research director, told London’s The Inquirer that cyber-criminals target small and mid-sized organizations since larger enterprises are well defended.

Basic suggestions:

  • Scan emails for malware and threats
  • Require complex passwords that change frequently
  • Restrict access-control and review event logs periodically
  • Deploy a physical firewall and maintain/update it periodically
  • Restrict web-surfing, especially on computers with access to sensitive data
  • Install malware-prevention software, update it continuously, and scan often
  • Train employees on proper security policies and common threats

(Note: These are areas where Bryley Systems can help; please call us at 978.562.6077 or email Info@Bryley.com.)

See CSO’s Thwarted by Security at enterprises, cyber criminals target SMBs for comments and suggestions.

 

Visit http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf  summary.